What is claimed is: 



1 . A method of authenticating the identity of a user to determine access to 
a system, comprising: 

providing a plurality of factor-based data instances corresponding to a 

user; 

evaluating the factor-based data instances to determine if the user's 
identity is authenticated; 

restricting the user's access to the system if the user's identity is not 
authenticated; and 

granting the user's access to the system if the user's identity is 
authenticated. 

2. The method of claim 1 , further comprising providing an authentication 
value, based on the evaluation determination. 

3. The method of claim 1 , wherein restricting the user's access includes 
denying the user's access. 

4. The method of claim 1 , wherein the factor-based data instances 
include a knowledge-based data instance. 
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5. The method of claim 1 , wherein the factor-based data instances 
include a possession-based data instance. 

6. The method of claim 1 , wherein the factor-based data instances 
include a biometric-based data instance. 

7. A method of authenticating the identity of a user to determine access to 
a system, comprising: 

providing a plurality of factor-based data instances corresponding to a 
user, including at least one modified data instance based on a second data 
instance of the plurality of factor-based data instances; 

generating a key based on a first data instance of the plurality of factor- 
based data instances; 

applying the key to the at least one modified data instance to generate a 
recovered data instance; 

interrogating the recovered data instance against the second data 
instance to generate an authentication value as a result of a correspondence 
evaluation; 

restricting the user's access to the system based at least in part on an 
invalid authentication value; and 

granting the user's access to the system based at least in part on a valid 
authentication value. 
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8. The method of claim 7, wherein the authentication value is a first 
authentication value, the method further comprising combining the first 
authentication value with at least one other authentication value, to generate a 
combined authentication value. 

9. The method of claim 7, wherein restricting the user's access includes 
denying the user's access. 

10. The method of claim 7, wherein the factor-based data instances 
include a knowledge-based data instance. 

1 1 . The method of claim 7, wherein the factor-based data instances 
include a possession-based data instance. 

12. The method of claim 7, wherein the factor-based data instances 
include a biometric-based data instance. 

13. A method of authenticating the identity of a user to determine access 
to a system, comprising: 

providing a possession-based data instance, a modified version of the 
possession-based data instance, a knowledge-based data instance, a biometric- 
based data instance, and a modified version of the biometric-based data 
instance; 
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generating a key based on the knowledge-based data instance; 

applying the key to the modified version of the possession-based data 
instance to generate a first recovered data instance; 

interrogating the first recovered data instance against the possession- 
based data instance to generate a possession value as a result of a first 
correspondence evaluation; 

applying the key to the modified version of the biometric-based data 
instance to generate a second recovered data instance; 

interrogating the second recovered data instance against the biometric- 
based data instance to generate a biometric value as a result of a second 
correspondence evaluation; 

combining the key, the possession value, and the biometric value to form 
an authentication value; 

restricting the user's access to the system if the user's identity is not 
authenticated, based at least in part on the authentication value; and 

granting the user's access to the system if the user's identity is 
authenticated, based at least in part on the authentication value. 

14. The method of claim 13, wherein restricting the user's access 
includes denying the user's access. 

15. The method of claim 13, wherein the modified version of the 
biometric-based data instance is a first modified version of the biometric-based 
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data instance, and the biometric value is a second modified version of the 
biometric-based data instance. 

16. The method of claim 15, wherein the biometric value is a 
cryptographic hash of the biometric-based data instance. 

17. The method of claim 13, wherein restricting the user's access to the 
system and granting the user's access to the system is based on a modified 
version of the authentication value. 

18. The method of claim 17, wherein the modified version of the 
authentication value is a cryptographic hash of the authentication value. 

19. A method of authenticating the identity of a user to determine access 
to a system, comprising: 

providing a possession-based data instance, a stored biometric-based 
data instance, and a read biometric-based data instance; 

interrogating the stored biometric-based data instance against the read 
biometric-based data instance to generate a biometric value as a result of a 
correspondence evaluation; 

combining the possession-based data instance and the biometric value to 
form an authentication value; 
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evaluating the authentication value to determine if the user's identity is 
authenticated; 

restricting the user's access to the system if the user's identity is not 
authenticated, based at least in part on the authentication value; and 

granting the user's access to the system if the user's identity is 
authenticated, based at least in part on the authentication value. 

20. The method of claim 19, wherein restricting the user's access 
includes denying the user's access. 

21 . The method of claim 19, wherein the biometric value is a modified 
version of the biometric-based data instance. 

22. The method of claim 21, wherein the biometric value is a 
cryptographic hash of the biometric-based data instance. 

23. The method of claim 19, wherein restricting the user's access to the 
system and granting the user's access to the system is based on a modified 
version of the authentication value. 

24. The method of claim 23, wherein the modified version of the 
authentication value is a cryptographic hash of the authentication value. 
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25. A method of authenticating the identity of a user to determine access 
to a system, comprising: 

providing a possession-based data instance, a biometric-based data 
instance, and a modified version of the biometric-based data instance; 

applying the possession-based data instance to the modified version of 
the biometric-based data instance to generate a recovered data instance; 

interrogating the recovered data instance against the biometric-based data 
instance to generate a biometric value as a result of a correspondence 
evaluation; 

combining the possession-based data instance and the biometric value to 
form an authentication value; 

evaluating the authentication value to determine if the user's identity is 
authenticated; 

restricting the user's access to the system if the user's identity is not 
authenticated, based at least in part on the authentication value; and 

granting the user's access to the system if the user's identity is 
authenticated, based at least in part on the authentication value. 

26. The method of claim 25, wherein restricting the user's access 
includes denying the user's access. 

27. The method of claim 25, wherein the modified version of the 
biometric-based data instance is a first modified version of the biometric-based 
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data instance, and the biometric value is a second modified version of the 
biometric-based data instance. 

28. The method of claim 27, wherein the biometric value is a 
cryptographic hash of the biometric-based data instance. 

29. The method of claim 25, wherein restricting the user's access to the 
system and granting the user's access to the system is based on a modified 
version of the authentication value. 

30. The method of claim 29, wherein the modified version of the 
authentication value is a cryptographic hash of the authentication value. 
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